
Search Publications by: Victoria Yan Pillitteri (Fed)

Displaying 1 - 25 of 28

Assessing Enhanced Security Requirements for Controlled Unclassified Information

March 15, 2022
Author(s)
Ronald S. Ross, Victoria Yan Pillitteri, Kelley L. Dempsey
The protection of Controlled Unclassified Information (CUI) in nonfederal systems and organizations is important to federal agencies and can directly impact the ability of the Federal Government to successfully carry out its assigned missions and business

Developing Cyber-Resilient Systems: A Systems Security Engineering Approach

December 8, 2021
Author(s)
Ronald S. Ross, Victoria Yan Pillitteri, Richard Graubart, Deborah Bodeau, Rosalie McQuaid
NIST Special Publication (SP) 800-160, Volume 2, Revision 1, focuses on cyber resiliency engineering—an emerging specialty systems engineering discipline applied in conjunction with systems security engineering and resilience engineering to develop

Approaches for Federal Agencies to Use the Cybersecurity Framework

August 17, 2021
Author(s)
Jeffrey Marron, Victoria Yan Pillitteri, Jon M. Boyens, Stephen Quinn, Gregory Witte
The document highlights examples for implementing the Framework for Improving Critical Infrastructure Cybersecurity (known as the Cybersecurity Framework) in a manner that complements the use of other NIST security and privacy risk management standards

Managing the Security of Information Exchanges

July 20, 2021
Author(s)
Kelley L. Dempsey, Victoria Yan Pillitteri, Andrew Regenscheid
An organization often has mission and business-based needs to exchange (share) information with one or more other internal or external organizations via various information exchange channels. However, it is recognized that the information being exchanged

ISCMA: An Information Security Continuous Monitoring Program Assessment

March 31, 2021
Author(s)
Victoria Yan Pillitteri, Kelley L. Dempsey, Chad Baer, Ron Rudman, Robert Niemeyer, Susan Urban
This publication describes an example methodology for assessing an organization's Information Security Continuous Monitoring (ISCM) program. It was developed directly from NIST guidance and is applicable to any organization, public or private. It can be

Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171

February 9, 2021
Author(s)
Ronald S. Ross, Victoria Pillitteri, Gary Guissanie, Ryan Wagner, Richard Graubart, Deborah Bodeau
The protection of Controlled Unclassified Information (CUI) resident in nonfederal systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the Federal Government to successfully conduct its essential

Control Baselines for Information Systems and Organizations

December 11, 2020
Author(s)
Ronald S. Ross, Victoria Y. Pillitteri
This publication provides security and privacy control baselines for the Federal Government. There are three security control baselines (one for each system impact level: low-impact, moderate-impact, and high-impact), as well as a privacy baseline that is

Security and Privacy Controls for Information Systems and Organizations

December 10, 2020
Author(s)
Ronald S. Ross, Victoria Y. Pillitteri
This publication provides a catalog of security and privacy controls for information systems and organizations to protect organizational operations and assets, individuals, other organizations, and the Nation from a diverse set of threats and risks

Control Baselines for Information Systems and Organizations

October 29, 2020
Author(s)
Ronald S. Ross, Victoria Y. Pillitteri
This publication provides security and privacy control baselines for the Federal Government. There are three security control baselines (one for each system impact level: low-impact, moderate-impact, and high-impact), as well as a privacy baseline that is

Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations

February 21, 2020
Author(s)
Ronald S. Ross, Victoria Y. Pillitteri, Kelley L. Dempsey, Mark Riddle, Gary Guissanie
The protection of Controlled Unclassified Information (CUI) resident in nonfederal systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully conduct its essential

Developing Cyber Resilient Systems: A Systems Security Engineering Approach

November 27, 2019
Author(s)
Ronald S. Ross, Victoria Y. Pillitteri, Richard Graubart, Deborah Bodeau, Rosalie McQuaid
This publication is used in conjunction with ISO/IEC/IEEE 15288:2015, Systems and software engineering--Systems life cycle processes, NIST Special Publication 800-160, Volume 1, Systems Security Engineering--Considerations for a Multidisciplinary Approach

Assessing Security Requirements for Controlled Unclassified Information

June 13, 2018
Author(s)
Ronald S. Ross, Kelley L. Dempsey, Victoria Y. Pillitteri
The protection of Controlled Unclassified Information (CUI) resident in nonfederal systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully conduct its assigned

An Introduction to Information Security

June 22, 2017
Author(s)
Michael Nieles, Kelley L. Dempsey, Victoria Y. Pillitteri
Organizations rely heavily on the use of information technology (IT) products and services to run their day-to-day activities. Ensuring the security of these products and services is of the utmost importance for the success of the organization. This

Multicast Delayed Authentication For Streaming Synchrophasor Data in the Smart Grid

May 30, 2016
Author(s)
Sergio Camara, Dhananjay Anand, Victoria Yan Pillitteri, Luiz F. Carmo
Multicast authentication of synchrophasor data is challenging due to the design requirements of Smart Grid monitoring systems such as low security overhead, tolerance of lossy networks, time-criticality and high data rates. In this work, we propose inf

Tailoring Security Controls for Industrial Control Systems

November 16, 2015
Author(s)
Victoria Y. Pillitteri, Larry Feldman, Gregory A. Witte
This bulletin summarizes the information presented in NIST SP 800-82, Rev 2: Guide to Industrial Control Systems (ICS) Security written by Keith Stouffer, Victoria Pillitteri, Suzanne Lightman, Marshall Abrams and Adam Hahn. The publication provides

Guide to Industrial Control Systems (ICS) Security

June 3, 2015
Author(s)
Keith A. Stouffer, Victoria Y. Pillitteri, Suzanne Lightman, Marshall Abrams, Adam Hahn
This document provides guidance on how to secure Industrial Control Systems (ICS), including Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control system configurations such as Programmable Logic

NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 3.0

October 1, 2014
Author(s)
Chris Greer, David A. Wollman, Dean Prochaska, Paul A. Boynton, Jeffrey A. Mazer, Cuong Nguyen, Gerald FitzPatrick, Thomas L. Nelson, Galen H. Koepke, Allen R. Hefner Jr., Victoria Yan Pillitteri, Tanya L. Brewer, Nada T. Golmie, David H. Su, Allan C. Eustis, David Holmberg, Steven T. Bushby
Section 1305 of the Energy Independence and Security Act (EISA) of 2007 (Pub. L. 110-140) directs NIST “to coordinate the development of a framework that includes protocols and model standards for information management to achieve interoperability of

Guidelines for Smart Grid Cybersecurity

September 25, 2014
Author(s)
Victoria Y. Pillitteri, Tanya L. Brewer
This three-volume report, Guidelines for Smart Grid Cybersecurity, presents an analytical framework that organizations can use to develop effective cybersecurity strategies tailored to their particular combinations of Smart Grid-related characteristics